The (very) uneven distribution of DNS root servers on the Internet

As we reported last Friday, the number of DNS root servers on the Internet has grown significantly the past few years. Now we will take a closer look at how those root servers are distributed across the world.

Since the root servers are critical to Internet’s DNS infrastructure, they would ideally be spread out in a way that serves the Internet population in a fair and even manner. That is, however, not the case.

As you’ll see, when you start taking regional Internet user numbers into consideration, the distribution of root servers is highly uneven. Some regions are clearly underserved.

DNS root server distribution

First, let’s have a look at the actual distribution of the world’s root servers. We have grouped them by world region, so you can get a good overview:

So, that’s how the root servers are distributed. Now compare that with the distribution of Internet users across the same regions. We have kept the colors for the regions the same, so you can easily compare the two charts.

It’s not hard to see that there are some staggering differences here. One would imagine that if all things were equal, the distribution of root servers should mirror the distribution of Internet users. But it’s not even close.

Here are a couple of the most blatant discrepancies:

Europe and North America together have only 36% of the Internet population, but 62% of the root servers.

Asia has 45% of the Internet population, but only 17% of the root servers.

Clearly Asia is getting the short end of the stick.

Internet users per root server

To further illustrate the differences in root server distribution, you can look directly at how many Internet users there are for each root server site in a region. The lower the number, the better.

Below average (a good thing in this case): Europe, North America, Oceania.

Trends

An interesting side note is that in 2007, the world average was 9.4 million Internet users per root server site. In 2012 it is, as you can see in the chart above, 7.6 million. That is definitely an improvement.

Asia on the other hand has gone from 16.7 million Internet users per root server site in 2007 to 20.3 million in 2012.

In other words, the world as whole is getting a better ratio between the number of Internet users and root servers, while Asia is getting a worse ratio.

In the past 5 years the world Internet population has doubled, and more than half of the new Internet users have come from Asia. It’s clearly a region that is becoming increasingly underserved in terms of DNS infrastructure.

Conclusion

The overall distribution of root servers is much better than it was a decade ago. There are more of them, in more locations, and the hardware involved is more powerful. However, the distribution of root servers seems to have taken a wrong turn at some point, not matching its growth to how the Internet population is spread out.

To some extent you can probably blame this on the general state of the Internet’s infrastructure. The more “developed” regions, with more established infrastructure, are better off. However, the differences are so large that that is unlikely to be the only reason.

We think that the root server distribution should take regional Internet population size into consideration, so we hope the people in charge read this and act accordingly as the Internet continues to grow.

It doesn’t actually matter in terms of root servers / population, because a VERY tiny percentage of that population will be querying the root servers directly. A better – although still inaccurate – metric would be root servers / ISP. Most subscribers resolve DNS queries using servers provided by their ISP. The ISPs servers will occasionally have to hit the root servers for a lookup, but then the result will be cached. For example, for the .com and .net domains, the NS records have an expiration time of 2 days. This means that each ISP only has to hit the root server for those domains once every two days.While I can’t quickly find a list of Asian ISPs and their numbers of customers as I write this, I would imagine there are a number of very large ones which combined, account for the vast majority of the users. If users in Asia are truely ‘worse off’ then this would be down to the ISPs having grown their customer base, without growing their own internal DNS infrastructure accordingly. There is no blame here to be put on the owners of the root nameservers.

Cross-posting this here so more people can see it: It doesn’t actually matter in terms of root servers / population, because a VERY tiny percentage of that population will be querying the root servers directly. A better – although still inaccurate – metric would be root servers / ISP. Most subscribers resolve DNS queries using servers provided by their ISP. The ISPs servers will occasionally have to hit the root servers for a lookup, but then the result will be cached. For example, for the .com and .net domains, the NS records have an expiration time of 2 days. This means that each ISP only has to hit the root server for those domains once every two days.While I can’t quickly find a list of Asian ISPs and their numbers of customers as I write this, I would imagine there are a number of very large ones which combined, account for the vast majority of the users. If users in Asia are truely ‘worse off’ then this would be down to the ISPs having grown their customer base, without growing their own internal DNS infrastructure accordingly. There is no blame here to be put on the owners of the root nameservers.

The problem is purely a governance problem: the placement of a root name server instance is “pull”, not “push”. The instances of the various root name servers are put in places where people ask for it and pay for it (or find a sponsor). It is not only a matter of money. In many places, negotiations are complicated and good will is not always present (Bill Woodcock reported that you sometimes even need to bribe people, see http://mailman.apnic.net/mailing-lists/apnic-talk/archive/2012/03/msg00010.html )

You do not install a root name server instance in Shangai or Mumbai like you rent a rack in 60 Hudson.

@bortzmeyer Thanks for the insights. Interesting. Had to quote this: “Honestly, we haven’t even gotten that far when we’ve offered to deploy servers (for instance for domains like .IN) inside India. The bribes that were requested in exchange for giving us permission to deploy a free service were, uh, both prohibitive and ludicrous in their enormity.”

Another important point is that, in some countries, installing a root name server can lead to trouble if the replies from the server are rewritten (something which is frequently done in China). An example was famous: http://www.nic.cl/anuncios/2010-03-29-eng.html

But what would the cost be for “Asia” to achieve parity, given the population density where most of those under-served users reside? And more importantly, where would the value drop off be (i.e., cost vs performance)?

Value becomes a notable concern when the rapid spread of internet access in technologically-developing areas may bring the scalability of current solutions into question. Would a well-intentioned attempt to quickly even the infrastructural playing field mean deploying hardware and software ill-equipped for such a task?

What would a holistic view of the problem show us versus just focusing on individual symptoms? Just as different markets demand localized solutions to other common categories (food, fashion, technology, transportation, banking, etc.), there is a huge opportunity, in principles and profits, to addressing the unique needs of internet users by region.

Your article does a good job introducing some figures and makes some interesting observations. However, your line of reasoning seems to point to some ‘invisible hand’ that punishes ‘disadvantaged’ regions over more developed ones (that is, even ignoring that Asia hosts some highly developed economies).

You should acknowledge the fact that any organization willing to spend less than 10k US dollars can host an anycasted copy of a root server. How many Asian orgs can do that? I’m willing to bet that they number in the thousands. Why is that they don’t move forward and just do it? This is a more interesting question.

This is also true for my region (Latin America). Our ‘disadvantage’ (in terms of root servers) at this point is more our fault than the fault of some ‘invisible hand’. This situation is improving rapidly though.

@carlosm3011 The intention really wasn’t to point fingers at some “invisible hand.” We just thought it would be a good thing to highlight that these differences exist, and that they are worth keeping in mind as the Internet DNS infrastructure keeps growing.

I agree with Dave Legg, the location of the root servers doesn’t depend on the clients used. A better analysis would be what is the distribution of BGP numbers against root servers, where are the networks/ISPs that are using the root servers. There may be an ISP in China with as many customers as the population of a few countries but they will worry about serving the DNS requests themselves and they will probably have to comply with some national government policy about DNS filtering as well.

So while an interesting analysis it isn’t really statistically significant.